Hi Mark,
If you’re able to, I’d recommend going with the ‘certification’ approach from the post Workflow to remove ALL leavers' standing access as it won’t send email notifications and creates a place which audit may be able to more easily see which access was revoked on termination.
Then, you can just create an link an exclusion filter to list out any sources you do not want to include in the certification.
"jsonRequestBody": {
"autoRevokeAllowed": true,
"deadline": "{{$.defineVariable1.deadline}}",
"description": "This is an automatically generated Leaver Campaign for {{$.getLeaverDetails.attributes.displayName}} (Employee ID: {{$.getLeaverDetails.attributes.identificationNumber}}) to remove any standing access remaining after termination",
"emailNotificationEnabled": false,
"filter": {
"id": "",
"type": "CAMPAIGN_FILTER"
},
"mandatoryCommentRequirement": "NO_DECISIONS",
"name": "Leaver Campaign for {{$.getLeaverDetails.attributes.displayName}} (Emp ID: {{$.getLeaverDetails.attributes.identificationNumber}})",
"recommendationsEnabled": false,
"searchCampaignInfo": {
"accessConstraints": null,
"description": "Test",
"identityIds": null,
"query": "id:{{$.trigger.identity.id}}",
"reviewer": {
"id": "",
"name": null,
"type": "IDENTITY"
},
"reviewerId": "",
"type": "IDENTITY"
},
"type": "SEARCH"
}